![IDC Network Design – Security & CDN Security Layer ,[object Object],[object Object],[object Object],Internet ( International/ Local) Internet Backbone Connection Firewall & Security (VPN) Hosting Customer Internet Data Center Backbone Switch Hosting Access Switch / BMW Hosting Customer Hosting Access Switch / BMW Hosting Customer Hosting Customer Hosting Access Switch / BMW Hosting Customer Hosting Customer Network Management System ACE 180E ACE 180E ACE 180E ACE 180E Firewall SSL Service SSL Service SSL Service SSL Service Cache Server Cache Server Cache Server Cache Server Firewall](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recomendados
Recomendados
Más contenido relacionado
La actualidad más candente
La actualidad más candente (20)
Destacado
Destacado (20)
Similar a Data Center Design Guide 4 2
Similar a Data Center Design Guide 4 2 (20)
Último
Último (20)
Data Center Design Guide 4 2
- 1. Internet Data Center Solution Design Alteon IDC Solution Design IDC Network Infrastructure Design IDC Network WAN Backbone Design IDC Network Firewall & CDN Design IDC Network LAN Backbone Design IDC Network User Access Network Design IDC Network User Network Design IDC Network Management System Design A Sample IDC Network Design
- 3. Web Cache Redirection Origin Servers Internet Access Cache Server Filt 100 /sip any /dip any /proto tcp /sport any /dport 80 /act redir /rport 80 /group 1
- 4. Active-Standby WCR Design Active VIP #1 VIP = 205.178.13.226 Standby VIP #2 VIP = 205.178.13.240 Active VIP #3 VIP = 205.178.13.110 Standby VIP #1 VIP = 205.178.13.226 Active VIP #2 VIP = 205.178.13.240 Standby VIP #3 VIP = 205.178.13.110 …… . Active Standby Active – used for Web traffic Standby – used for another service Internet Backbone Cache Cache
- 5. Hot Standby WCR Design Internet Backbone …… . Active VIP #1 VIP = 205.178.13.226 Active VIP #2 VIP = 205.178.13.240 Active VIP #3 VIP = 205.178.13.110 Standby VIP #1 VIP = 205.178.13.226 Standby VIP #2 VIP = 205.178.13.240 Standby VIP #3 VIP = 205.178.13.110 Active Hot Standby L2 Switch Cache Cache
- 10. SSL Offload for HTTPS Operation 7. iSD-SSL encrypts session and sends HTTPS response to client 2. Switch redirects requests on port 443 to iSD-SSL VIP or group 1. Client sends a HTTPS request . 3. iSD-SSL Completes SSL hand shake 4. iSD-SSL initiates HTTP connection (port 80) to server VIP 6. Server responds to HTTP request and replies to the iSD-SSL VIP 5. Switch selects real server based on configured LB policy HTTP-S HTTP
- 11. Active-Standby iSD Design Active VIP #1 VIP = 205.178.13.226 Standby VIP #2 VIP = 205.178.13.240 Active VIP #3 VIP = 205.178.13.110 Standby VIP #1 VIP = 205.178.13.226 Active VIP #2 VIP = 205.178.13.240 Standby VIP #3 VIP = 205.178.13.110 …… . Active Standby Active – used for Web traffic Standby – used for another service Internet Backbone
- 12. Hot Standby iSD Design Internet Backbone …… . Active VIP #1 VIP = 205.178.13.226 Active VIP #2 VIP = 205.178.13.240 Active VIP #3 VIP = 205.178.13.110 Standby VIP #1 VIP = 205.178.13.226 Standby VIP #2 VIP = 205.178.13.240 Standby VIP #3 VIP = 205.178.13.110 Active Hot Standby L2 Switch
- 13. Internet Data Center Solution Design Alteon IDC Solution Design IDC Network Infrastructure Design IDC Network WAN Backbone Design IDC Network Firewall & CDN Design IDC Network LAN Backbone Design IDC Network User Access Network Design IDC Network User Network Design IDC Network Management System Design A Sample IDC Network Design
- 15. IDC LAN Backbone Design 10/100 Mbps Switch With Gigabit uplink HUB HUB 10 Mbps Dedicated System Service 10 Mbps Shared System service 100 Mbps Dedicate System Service Gigabit Ethernet Backbone L2 Switching Fabric IDC User Access 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink HUB HUB 10 Mbps Shared System service 100 Mbps Shared System service 100 Mbps Shared System service Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet
- 16. Using STP to Prevent Bridging Loop Internet Bridging Loop
- 17. Using VLANs to Prevent Bridging Loop Internet VLAN 1 VLAN 2 VLAN 3
- 18. Internet Data Center Solution Design Alteon IDC Solution Design IDC Network Infrastructure Design IDC Network WAN Backbone Design IDC Network Firewall & CDN Design IDC Network LAN Backbone Design IDC Network User Access Network Design IDC Network User Network Design IDC Network Management System Design A Sample IDC Network Design
- 22. Server Group Health Checking Options Only proves that web process is up. Only proves OS and network is up. Web operation is normal. ICMP-level TCP-level Application-level Health Check Packet PING TCP/80 Get index.html
- 24. BWM-Fairness based on application A.com Internet E-Mail Service E-mail: CIR = 5 SL = 20 HL = 20 WEB Services WEB: CIR = 30 SL = 60 HL = 60
- 25. Multiple Site For Global Presence Web Server Data Base Server Application Server Shanghai Beijing JiangSu Internet Client Client Client Web Server Data Base Server Application Server GuangZhou Web Server Data Base Server Application Server GSLB
- 26. L4 VRRP for High Reliable SLB Internet Backbone VIP VIP VSR=VIP Identical VIP is configured on both Web Switches. VRRP
- 27. L4 Hot-Standby SLB Redundancy Internet Backbone …… . Active VIP #1 VIP = 205.178.13.226 Active VIP #2 VIP = 205.178.13.227 Active Hot Standby VIP #1 VIP #2 Standby VIP #1 VIP = 205.178.13.226 Standby VIP #2 VIP = 205.178.13.227 Link with traffic Link without traffic
- 28. L4 Active-Standby SLB Redundancy Internet Backbone …… . Active VIP #1 VIP = 205.178.13.226 Standby VIP #2 VIP = 205.178.13.227 Active Active VIP #1 VIP #2 Standby VIP #1 VIP = 205.178.13.226 Active VIP #2 VIP = 205.178.13.227 Link with traffic Link without traffic
- 29. Layer 4 Active-Active Redundancy Active VIP #1 VIP = 205.178.13.100 Active VIP #2 VIP = 205.178.13.200 Internet Backbone Active VIP #1 VIP = 205.178.13.100 Active VIP #2 VIP = 205.178.13.200 VIPs on both switches are active at the same time …… . Active “Virtual” L4 Interfaces VSR1=205.178.13.100 VSR2= 205.178.13.200 VIP #1 VIP #2
- 30. Internet Data Center Solution Design Alteon IDC Solution Design IDC Network Infrastructure Design IDC Network WAN Backbone Design IDC Network Firewall & CDN Design IDC Network LAN Backbone Design IDC Network User Access Network Design IDC Network User Network Design IDC Network Management System Design A Sample IDC Network Design
- 32. IDC Customer Network (Option 1) 184 Firewall Firewall FWLB Function Cache Service To servers Cache Server Cache Server Cache Server Cache Server 184 180E 180E 180E 180E Firewall Firewall 180E 180E 180E 180E GSLB and BWM Function FWLB L4/L7 LB Function, SSL Service SSL Service SSL Service SSL Service SSL Service SSL Service SSL Service SSL Service SSL Service To servers Gigabit dedicated bandwidth connection Gigabit dedicated bandwidth connection 100Mbps dedicated bandwidth connection 100Mbps dedicated bandwidth connection 10Mbps dedicated bandwidth connection 10Mbps dedicated bandwidth connection IDC Network Infrastructure Cache Server Cache Server Cache Server Cache Server 180E 180E 180E 180E FWLB L4/L7 LB Function, SSL Service SSL Service SSL Service SSL Service SSL Service Gigabit dedicated bandwidth connection 100Mbps dedicated bandwidth connection 10Mbps dedicated bandwidth connection
- 33. IDC Customer Network (Option 2) 180E AD3 Firewall Firewall AD3 GSLB and BWM Function FWLB Function Cache Service SSL Service SSL Service To servers Gigabit dedicated bandwidth connection 100Mbps dedicated bandwidth connection 10Mbps dedicated bandwidth connection IDC Network Infrastructure Cache Server Cache Server
- 34. IDC Customer Network (Option 3) 180E GSLB , SLB, iSD Firewall SSL Service To servers Gigabit dedicated bandwidth connection 100Mbps dedicated bandwidth connection 10Mbps dedicated bandwidth connection IDC Network Infrastructure Firewall
- 35. Internet Data Center Solution Design Alteon IDC Solution Design IDC Network Infrastructure Design IDC Network WAN Backbone Design IDC Network Firewall & CDN Design IDC Network LAN Backbone Design IDC Network User Access Network Design IDC Network User Network Design IDC Network Management System Design A Sample IDC Network Design
- 38. Alteon Web UI Management Interface Feature Navigation Tree Action Toolbar Display Frame Rotating Status Messages
- 42. Internet Data Center Solution Design Alteon IDC Solution Design IDC Network Infrastructure Design IDC Network WAN Backbone Design IDC Network Firewall & CDN Design IDC Network LAN Backbone Design IDC Network User Access Network Design IDC Network User Network Design IDC Network Management System Design A Sample IDC Network Design
- 43. A Sample IDC Network Design IDC Network Infrastructure Internet Backbone 10/100 Mbps Switch With Gigabit uplink HUB HUB 10 Mbps Dedicated System Service 10 Mbps Shared System service 100 Mbps Dedicate System Service BWM function L4/L7 LB function Cache/ SSLService Gigabit Ethernet Backbone L2 Switching Fabric IDC User Access 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink HUB HUB 10 Mbps Shared System service 100 Mbps Shared System service 100 Mbps Shared System service L2 Switch L2 Switch Cache Cache Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet iSD - SSL iSD - SSL
- 44. IDC L2 Network Design VLAN Design Internet Backbone 10/100 Mbps Switch With Gigabit uplink HUB HUB 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink HUB HUB L2 Switch L2 Switch Cache Cache port3 port1 port2 port1 port1 port2 port2 port3 port3 port4 port4 Alteon 4 Alteon 3 Alteon 2 Alteon 1 If1 10.1.1.2/24 - vlan1 If2 10.1.2.2/24 - vlan2 If3 10.1.3.2/24 - vlan3 If4 10.1.4.2/24 - vlan4 If1 10.1.1.3/24 - vlan1 If2 10.1.2.3/24 - vlan2 If3 10.1.3.3/24 - vlan3 If4 10.1.4.3/24 - vlan4 If1 10.1.1.1/24 - vlan1 If1 10.1.2.4/24 - vlan2 Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet iSD - SSL iSD - SSL vlan2 vlan1 vlan4 vlan3
- 45. IDC High Reliable Network Design VRRP Design Internet Backbone 10/100 Mbps Switch With Gigabit uplink HUB HUB Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink HUB HUB Vlan 1 Vlan 2 RIP1 10.1.2.101 RIP2 10.1.2.102 RIP3 10.1.2.103 RIP4 10.1.2.104 VIP for Virtual Services VR2 - VIP1 10.1.1.10 for HTTP VR4 - VIP2 10.1.1.11 for FTP Server ’ s Default GW VR1 10.1.2.254 VR3 10.1.2.253 Group 1 Group 2 HTTP Servers FTP Servers Master for Virtual Router 1/2 Backup for Virtual Router 3/4 Master for Virtual Router 3/4 Backup for Virtual Router 1/2 Alteon 2 Alteon 1 Alteon 3
- 46. IDC Network Bandwidth Design Bandwidth Management Design Internet Backbone 10/100 Mbps Switch With Gigabit uplink HUB HUB Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink HUB HUB RIP1 10.1.2.101 RIP2 10.1.2.102 RIP3 10.1.2.103 RIP4 10.1.2.104 Group 1 Group 2 HTTP Servers FTP Servers policy 2 hard 150M soft 100M resv 50M cont 2 policy 2 filt 20 Sip 10.1.1.11 smask 255.255.255.255 dip any dmask any action allow adv/cont 2 port 3/ filt ena add 20 policy 1 hard 350M soft 300M resv 250M cont 1 policy 1 filt 10 Sip 10.1.1.10 smask 255.255.255.255 dip any dmask any action allow adv/cont 1 port 2/ filt ena add 10 Port2 Port3 Port1 VIP for Virtual Services VR2 - VIP1 10.1.1.10 for HTTP VR4 - VIP2 10.1.1.11 for FTP Alteon 1 Alteon 3 Alteon 2
- 47. IDC Network Content Cache Design WCR Design INTERNET 10/100 Mbps Switch With Gigabit uplink HUB HUB 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink HUB HUB L2 Switch Cache Cache filt 100 Sip any smask any dip any dmask any Dport 80 Rport 80 action redir Group 3 port 1/ filt ena add 100 Port1 Port1 RIP5 10.1.3.101 RIP5 10.1.3.102 Group 3 Cache Alteon 3 Alteon 2 Alteon 1 Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet
- 48. IDC Network e-Business Design SSL Offload Design Internet Backbone 10/100 Mbps Switch With Gigabit uplink HUB HUB Legends: Gigabit Ethernet 100Mbps Ethernet 10Mbps Ethernet 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink 10/100 Mbps Switch With Gigabit uplink HUB HUB L2 Switch iSD - SSL iSD - SSL filt 110 Sip any smask any dip any dmask any Dport 443 Rport 81 action redir Group 255 port 1/ filt ena add 110 Port1 Port1 RIP7 10.1.4.101 RIP8 10.1.4.102 Group 255 iSD (SSL Offload) Alteon 2 Alteon 1 filt 120 Sip any smask any dip any dmask any Sport 81 action redir Group 255 port 7/ filt ena add 110 Port1 Alteon 3
- 49. Question & Answer Thank You !
- 50. GSLB Working Process 1. Client’s DNS request for www.foo.com sent to local DNS 2. Local DNS queries upstream DNS 3. Switch at site C receives DNS request and determines that sites B and C are closest to user. Acting as Authoritative Name Server, switch selects the best site (B) and returns site B’s IP to client’s local DNS 4. Local DNS server responds to client with site B’s VIP 5. Client opens application session to 205.178.2.2 (site B ) www.foo.com 205.178.2.2 www.foo.com 172.168.13.10 www.foo.com 162.113.25.20 Site health, response time and throughput exchanged between switches on a periodic or event-driven basis using encoded DSSP A B C DSSP Updates 1 4 2 3 5 Rank Site %Traffic 1 B 70 2 C 20 3 A 10 Rank Site Traffic 1 B 80 2 C 20 3 A 10 Rank Site Traffic 1 B 75 2 C 15 3 A 5 DNS
- 51. GSLB Static Tables for User Proximity 1. Client sends request to local DNS server 2. DNS request sent to switch DATABASE FIELDS <IP ADDRESS> <NETMASK> <VIP_1> <VIP_2> 3.Switch looks at database and responds 4.Client request forwarded to nearest location